Pangolin
Hosting Plausible CE securely behind Pangolin SSO #950
Peter-Stuer
started this conversation in
Show and tell
Replies: 1 comment
-
|
Thanks for the write up! Hopefully this helps someone! |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
A quick note as this simple thing took me nearly a whole day to fully work out. Hope this will save someone some time.
I wanted to host the Plausible CE Server behind Pangolin Platform SSO, but with the beacons working uninhibited.
Let's assume you have Newt running on 192.168.1.1 , and Plausible CE running on 192.168.1.2
You have defined 2 A records in your DNS configuration (plausible.example.com and plausible-admin.example.com) pointing to your Pangolin VPS ( pangolin.example.com) running on 198.51.100.1
Define the 2 Resources in the Pangolin UI on the Site that is connected to Newt at 192.168.1.1:
plausible-admin.example.com with proxy Protocol: TCP, Method: http , IP: 192.168.1.2 Port: 8000 , Authentication: On
plausible.example.com with proxy Protocol: TCP, Method: http , IP: 192.168.1.2 Port: 8000 , Authentication: Off
Enable Rules on plausible.example.com as:
Priority 1: Always Allow Path /js/
Priority 2: Always Allow Path /api/event
Priority 3: Always Deny Path .*
In the .env of your Plausible CE, make sure you have:
BASE_URL=https://plausible-admin.example.com
CHECK_ORIGIN=https://plausible-admin.example.com,https://plausible.example.com
When from the Plausible GUI you generate the script snippet for a new site, change the plausible-admin.example.com to plausible.example.com
Restart your Docker Compose for Plausible and you should have everything working now.
P.S. That part that had me stumped was the need for BASE_URL=https://plausible-admin.example.com . By default I think it will be BASE_URL=https://plausible.example.com:8000 or BASE_URL=https://localhost:8000 . The result will be you will get successfully to the first access Plausible CE screen at https://plausible-admin.example.com/ redirected to https://plausible-admin.example.com/register as if everything is working, but the page will soon start generating 403's for websocket connections it tries to establish to wss://plausible-admin.example.com/live/websocket, resulting in you never being able to pass the initial step of the setup. As the Plausible pages seem to use Phoenix LiveView to set up live wss connections, this mistakenly sent me down a rabbit hole of whether the WebSocket Connection Upgrade flow is potentially not preserved through the tunnel etc. , whereas it was just the BASE_URL that was wrongly configured by default.
Beta Was this translation helpful? Give feedback.
All reactions